|
---------------------------------------------- | Meunity 1.1 script injection vulnerability | ---------------------------------------------- PROGRAM: Meunity Community System VULNERABLE VERSIONS: all IMMUNE VERSIONS: none SEVERITY: really high Tested version ============== Meunity Community System 1.1 (stable) Released with IE 5/5.5/6 and AOL. Description ============ "Meunity is a sophisticated Web-based community system that uses PHP. It is object oriented, so it is easily extendible. Its database abstraction layer allows it to be compatible with multiple databases." - sourceforge.net In fact Meunity is a quick and simple CMS with a few options, in this options there's a forum. There's a vulnerability in the forum that allow a badly disposed member to execute code. The problem appears when a user post in the forum, a vulnerability exists in this CMS that allow a badly disposed member to perform a typical IMG attack against visitors : <IMG SRC="javascript:alert('unsecure')"> The problem =========== A badly disposed member can post a topic containing malicious code and as soon as somebody see this topic the code will be executed on his workstation. Vendors status ============== I contacted Zack Coburn (Meunity developper) via sourceforge.net one week ago but I had no answer back. Solution ======== There's no secure release of Meunity Community System, so the unique solution is, at this moment, to disallow posting in Meunity forum to avoid the problem. Hope that Zack Coburn will release a new immune version as soon as possible. Links ===== http://meunity.sourceforge.net/ http://sourceforge.net/projects/meunity/ This vulnerability's orginal paper can be found here: http://www.echu.org/modules/news/article.php?storyid=132 David Suzanne (aka dAs) das@echu.org http://www.echu.org ----------------------------------------------------------------- ECHU.ORG is not responsible for the misuse of the information we provide through our security advisories. These advisories are a service to the professional security community. In no event shall ECHU.ORG be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. -----------------------------------------------------------------